Connected to Internet - Too late to flash? - Google Chromecast

Hi Everyone,
I know there are massive amounts of detailed information, and pages and pages of dialogues, but I was wondering what is the LATEST regarding flashing a Chromecast that has been well and truly connected to the internet and only bought in the last few days.
I see posts going back to last year stating it has to be a certain build, serial number and not connected to the internet, but is this still the case?
Thanks.

Still the case

Yup, if/when the situation changes, so will the information posts.
Your Chromecast is one three possible states:
Bootloader is vulnerable (build 12072) and Chromecast has not downloaded an update yet.
-> Cool, don't let it connect to the Internet and flash Eureka-ROM with FlashCast ASAP. Head over here for steps: https://forum.xda-developers.com/showthread.php?t=2629327
Bootloader is vulnerable (build 12072) and Chromecast has downloaded an update, but not yet applied it.
-> If you're willing to take some risk, void the warranty, and open up the Chromecast, you might still be able to get root.
See this thread: http://forum.xda-developers.com/showthread.php?t=2438715
Bootloader is not vulnerable (newer than build 12072)
-> Sorry, no root for you at this time. Keep on the lookout for a new root exploit.

bhiga said:
Yup, if/when the situation changes, so will the information posts.
Your Chromecast is one three possible states:
Bootloader is vulnerable (build 12072) and Chromecast has not downloaded an update yet.
-> Cool, don't let it connect to the Internet and flash Eureka-ROM with FlashCast ASAP. Head over here for steps: https://forum.xda-developers.com/showthread.php?t=2629327
Bootloader is vulnerable (build 12072) and Chromecast has downloaded an update, but not yet applied it.
-> If you're willing to take some risk, void the warranty, and open up the Chromecast, you might still be able to get root.
See this thread: http://forum.xda-developers.com/showthread.php?t=2438715
Bootloader is not vulnerable (newer than build 12072)
-> Sorry, no root for you at this time. Keep on the lookout for a new root exploit.
Click to expand...
Click to collapse
Bugger!
Pretty sure the FW\ Build starts with a '17'.
Thanks for the update.

Related

PSA: The new OTA (build 12840) patches the bootloader exploit used to obtain root

Update
Since this thread seems to have become quite popular, I thought I'd update it to give people all the newest information in one place.
Since I've made this post, there has been another OTA (build 12940) that improves bootloader security even further and prevents some potential root methods which were being developed for 12840. As of now, neither build 12840, build 12940, nor build 13300 has a published root method. New units have the patched bootloader preloaded from the factory and are not rootable. If you buy a unit at this point, there is a good chance that you will get one that is patched. (EDIT 2013-10-22: People are reporting that units they have purchased from Best Buy and Amazon are still running the vulnerable build. It is unclear if this is simply old stock or if there are still vulnerable units being produced.)
As for the methods described below, they cannot be performed through a shell (i.e. telnet) since the root filesystem is formatted as squashfs, which is read-only. Instead, the root images must be manually repacked for each OTA and flashed using a USB drive with an image such as FlashCast. @ddggttff3 maintains a FlashCast mod to update Chromecasts to the latest firmware without losing root, which can be found here.
For those of you who have managed to keep your vulnerable bootloaders, keep your eyes out. There should be some very cool releases in the near future.
Original post
As can be seen in this commit to Google's Chromecast source mirror, firmware version 1.1 adds a check for the result of image verification on line 755. This check will cause GTVHacker's USB image to fail to boot, and you will not be able to obtain root. Even if another root exploit is found, it seems very unlikely that it will be as clean or simple as the one which exists now, which simply uses version 0.7's unlocked bootloader to flash a new system image.
Unfortunately, I don't have a Chromecast to test on, so I cannot recommend a method of disabling OTAs. However, from looking at the system image, there are a few possibilities I see. THE FOLLOWING METHODS ARE UNTESTED AND ARE NOT GUARANTEED TO WORK OR LEAVE YOUR CHROMECAST IN A WORKING STATE. PERFORM THEM AT YOUR OWN RISK.
After telnetting into your rooted Chromecast or otherwise obtaining a root shell, you can try these two possible methods
Rename otacerts.zip to otacerts.zip.bak in /system/etc/security/. This may remove the OTA signing keys and cause the Chromecast to reject any OTAs. However, I do not know whether this file is actually used or whether is simply a remnant from Chromecast's Android base.
Replace /chrome/update_engine with an empty, executable, shell script (make sure to make a backup copy first). I am very unsure of this method, since it is simply going off the name of the update_engine binary. If update_engine happens to perform some task core to the system, doing this will leave your device in an unusable state. If this happens, simply re-rooting using GTVHacker's USB image should restore your system to how it was.
Again, I am not responsible for any bricked Chromecasts which may result from attempting this. If you do try either method, please report whether or not it appeared to work or have any ill effects.
Any idea when they'll push the update?
xuser said:
Any idea when they'll push the update?
Click to expand...
Click to collapse
According to Google, it's rolling out now.
Thanks for this, just checked my unit, which is still on the old version. Am waiting for my cable to get here so I can root it, so glad I caught it before it updated!
Looks like the update will be automatic and my Chromecast is plugged up at home (connected to wifi). Hope it doesn't get pushed today. My powered USB OTG cable hasn't arrived yet so I can't even root it ATM.
Sent from my GT-N5110 using Xparent Green Tapatalk 2
joshw0000 said:
Looks like the update will be automatic and my Chromecast is plugged up at home (connected to wifi). Hope it doesn't get pushed today. My powered USB OTG cable hasn't arrived yet so I can't even root it ATM.
Sent from my GT-N5110 using Xparent Green Tapatalk 2
Click to expand...
Click to collapse
find out the server name/ip for the OTA update, block it on your router
paperWastage said:
find out the server name/ip for the OTA update, block it on your router
Click to expand...
Click to collapse
Here are the URLs:
Stable channel updates http://goo.gl/3yy01K
Beta channel updates http://goo.gl/53l5sA
Dev channel updates http://goo.gl/JVkHhl
Weird...when I just loaded those, the stable channel has the highest build number. Stable is at 12840 (which is the update that is rolling out now), Beta is at 12726, Dev is at 12819
paperWastage said:
find out the server name/ip for the OTA update, block it on your router
Click to expand...
Click to collapse
I wont be home until later tonight.
Sent from my GT-N5110 using Xparent Green Tapatalk 2
also, i'd assume replacing /boot/recovery.img with a custom recovery or just removing it would also prevent updates. not sure though, I also don't have a chromecast.
also, if you are feeling adventurous, try this: http://db.tt/Ja1XBNgH. if it works, you'll have the latest software, root, and no updated bootloader. if it doesn't work, you might be able to recover by using gtvhacker's image. no promises though, since I don't own a chromecast, I cant test it. Don't blame me if your chromecast quits working, explodes, kills your puppy, or hands north korea some working nukes.
@xuser your signature made me think there was an actual bug on my screen. I tried to kill it, but it ignored my attempts and kept crawling around under the glass
[removed]
Wouldn't it be possible to flash build 12072 back onto the device (since it is signed by Google), and then root it using that build? That is a fairly common practice for many devices that have exploits in early releases. Is there a copy of the image for build 12072 floating around yet?
It's possible. But it seems like more and more manufacturers are preventing downgrading. Who actually manufacturers this thing?
Sent from my SCH-I545 using Xparent Green Tapatalk 2
the chromecast seems to have a recovery mode (like android) that flashes update zips (like android). so if we found a google signed update for the original firmware that includes flashing the insecure bootloader, then downgrades are possible. but the update zips posted above include a build date check,which means you have to either modify your build.prop (requires root, which is what we are trying to accomplish) or modify the update zip (which will make it no longer google signed and valid, so it would need a custom recovery. which requires root). so, unless google lets us, downgrading is not possible.
I'm still hoping that google built in a dev-mode, like their chrome os devices.
Hmm I wonder if I were to order one now would it come with the old software or the new update?
I'm guessing that it would still be on the old build (assuming you get it shipped soon, or pick it up at Best Buy). My Chromecast sticks still haven't updated to the latest build.
joshw0000 said:
Who actually manufacturers this thing?
Sent from my SCH-I545 using Xparent Green Tapatalk 2
Click to expand...
Click to collapse
Good question.
mine updated itself today and lost root
no one tried my image yet?
I'm curious if you had your Chromecast powered off during the day today. And if so, did you see it update when you turned it on?
I have been using my Chromecast to stream music all day, and so far it hasn't updated to the latest build. I would assume as long as the Chromecast is off or in use casting then the update will not be performed.
Louer Adun said:
I'm curious if you had your Chromecast powered off during the day today. And if so, did you see it update when you turned it on?
I have been using my Chromecast to stream music all day, and so far it hasn't updated to the latest build. I would assume as long as the Chromecast is off or in use casting then the update will not be performed.
Click to expand...
Click to collapse
I've turned it off a few times but it finally updated ~30 min ago.

[Q] Any chance of rooting 13300 build?

Just wanted to confirm that I have locked the root by updating to 13300 build. Did I?
I did not even think before updating to the latest version and when i did, it was too late. Hopefully, sm1 will be able to break it. Thanks.
Mef.
mefistofel666 said:
Just wanted to confirm that I have locked the root by updating to 13300 build. Did I?
Click to expand...
Click to collapse
If it auto-updated at all (not that it gives you a choice) and you were not already using a rooted firmware like PwnedCast, then yes, you no longer have root and cannot get root by any of the current means (Flashcast).
PwnedCast has an auto-update function that updates to new versions that preserve root.
Hopefully there will be other root methods discovered after the SDK is released, but until something new pops up, you can only use the Google-supplied apps - in other words, your Chromecast is "just" a regular Chromecast.
bhiga said:
in other words, your Chromecast is "just" a regular Chromecast.
Click to expand...
Click to collapse
By "Regular Chromecast" you mean "a lemon" right?
still no luck?
still nothing on rooting 13300?
mefistofel666 said:
still nothing on rooting 13300?
Click to expand...
Click to collapse
No, and build 14651 is rolling out for stock Chromecasts. It's a moving target, unless a vulnerability is found in the SDK, but first the SDK needs to be released.

[FAQ] Root Mini-FAQ: What's the big deal with root?

This topic deals specifically with root accessbility. For other topics, please consult the Chromecast FAQ thread or Search.
Are all Chromecasts rootable?
No, not anymore... again.
The HubCap exploit has been patched in firmware build 19084. This means yet again, only certain Chromecasts can have root. It didn't take long - only about a month from the exploit's release and 2-3 weeks from the source release before a patch arrived.
Quick reference
If your Chromecast is running...
Firmware build 12072 (this is the original firmware) - use FlashCast to flash Eureka-ROM to get root
Firmware build before 19084 - HubCap will flash Eureka-ROM to get you root.
After that, you can install Flashcast-AutoRoot to stay current with updates while preserving root (but you will lose the Eureka web panel and SSH, there is still telnet).
Firmware build 19084 or newer - sorry, no root for you.
If your Chromecast is on firmware build 19084 or newer, it is not rootable.
Root now or root later? Why do I need to root before setting up and using the device?
THERE IS NO OPTION TO ROOT LATER!
The current Chromecast setup app forces an update to the latest firmware during Setup - and the latest firmware patches both the original 12072 bootloader exploit and the pre-19084 HubCap exploit. This means once you set up a new Chromecast, it is not longer rootable.
If your new-in-box Chromecast is exploitable by either HubCap or FlashCast, you must apply Eureka-ROM using FlashCast or HubCap BEFORE connecting it to the Internet.
Do I even need root?
Initially there were more reasons to root, like the ability to send local files to Chromecast. However, new Google-approved apps like Avia, RealPlayer Cloud and Plex were released to bridge that gap.
Right now, functionality-wise, root brings you
DNS control (use non-Google DNS)
Telnet access
Other mods/enhancements the community may contribute
DNS control is important for people using Chromecast outside of the US, as many of the Chromecast services like Netflix and Hulu Plus are either unavailable or have restrictions on available content in other countries.
Why can't we get root another way?
While I'm not one to say never, because there are a lot of clever people out there but...
Unlike phones and tablets, Chromecast is quite the ornery Android device...
It has no Fastboot.
So we can't download a new ROM image that way.
It has no accessible recovery.
So we can't install stuff or access the filesystem with an update.zip
It has no image loader/flasher utility.
So we can't download a new ROM image that way either.
It has no interface (screen or input device).
This just makes it even more difficult to interact with it for hacking purposes.
ADB, Telnet and SSH are disabled by default.
No ways to peek or poke around there either.
The runtime filesystem is read-only.
So a clever app can't make changes either.
Google OTA updates are automatically downloaded and applied, updating the bootloader and ROM. Updated bootloader versions will only execute Google-signed code.
So once you get a Google OTA update, you lose the ability to update the ROM (without a new root method).
Long story short, to get root you need to access the filesystem or execute custom (not signed by Google) code.
But you can't access the filesystem.
And you can only execute custom code on the original bootloader (build 12072).
Use of the SDK to obtain root is against its terms of use so there is little traction on that front.
While the first exploit (that FlashCast uses) was found relatively quickly, it took nearly a year for the HubCap exploit to be found and perfected.
I had root with Eureka-ROM and now it appears I don't?
This can happen if the power is pulled or lost during an update.
You may still have the vulnerable bootloader and be able to get root back, depending on how long it has been since the attempted update.
Unplug Chromecast from power until you can re-flash the newest Eureka-ROM via OTG.
This is a good reason to use AC/wall power rather than USB on the TV, as the TV often cuts USB power when the TV is turned off.
For further details, see this post.
Well that pisses me off! Google is evil! I deserve root!! I'm buying something else!!!
Google never promised root. They just promised an SDK that was released February 3, 2014 here. Root capability just came as an unexpected (and perhaps unintended) gift for initial units.
Chromecast is not a phone or tablet. It's a $35 appliance to be connected to a TV. Hacking your TV might be fun, but Chromecast is not aimed at hackers. It's aimed at the normal people who just want to get Netflix, YouTube, etc on their TV and people who like the concept of using the Android or iOS device instead of adding yet another remote control to their pile.
Whether you buy Chromecast is your choice. Nobody said you had to buy every new device Google puts out. Google isn't Apple.
Also keep in mind, Chromecast is useless without content, which requires content providers. Content providers don't like the concept of root access to a device that plays their content. They fear it will allow their content to easily be pirated. That's why CinemaNow and other services don't allow rooted devices.
For the longevity of the device and continued usability for normal customers, it's in Google's best interest not to have widespread/publicized hacking of Chromecast. Long story short, even with thousands of rooted Chromecasts, we're still a minority compared to the millions of Chromecasts out in the market.
All currently sold chromecasts with firmware build 19084 or newer?
bhiga said:
If your Chromecast is running...
Firmware build 12072 (this is the original firmware) - use FlashCast to flash Eureka-ROM to get root
Firmware build before 19084 - HubCap will flash Eureka-ROM to get you root
Firmware build 19084 or newer - sorry, no root for you.
Click to expand...
Click to collapse
Thanks a lot for your helpful FAQ!
Are there still any chromecasts being sold with rootable firmware builds in 2016?
If this is not the case, when were the last chromecasts sold with firmware builds before 19084?
echo_21 said:
Are there still any chromecasts being sold with rootable firmware builds in 2016?
If this is not the case, when were the last chromecasts sold with firmware builds before 19084?
Click to expand...
Click to collapse
Glad it was helpful to you.
Google did a few big sales last year and I haven't seen any of the old ones on store shelves since.
I have seen some recertified ones online from Groupon but it's hit-or-miss whether it still has a rootable build on it.
According to the ones I have seen, the switchover happened between MFG DATE 9/2014 and MFG DATE 11/2014.
See the Rootable Serial Numbers thread for target serial numbers if you can find an unopened one with known serial number.

UPDATE ALERT - 19084 firmware released

Watch out if you are planning to root! Currently we do not know if this prevents new root!
New firmware 19084 was released yesterday. It predictably does not mention anything about fixing new root exploit, but anybody who would like to attempt root in future should prevent his Chromecast from updating.
https://productforums.google.com/forum/#!topic/chromecast/FOIWpJydK9Y
Thanks for the update! From google source site, it looks like they have yet to patch the new exploit, but until I have a copy in-house to test with, I can not confirm this.
They might purposefully neglect to mention any patch of the exploit in hopes of catching people by surprise....
Munch better safe than sorry for those who are still waiting for a teensy to root
HEADS UP: Seems that google HAS PATCHED the HubCap exploit, but did not post the source for it (to keep us guessing?). Please avoid this OTA if you want root!
How can we see which firmware is currently installed on the chromecast? I connected it back to my tv with router off so it can't update, but I see no info concerning firmware.
TRoN_1 said:
How can we see which firmware is currently installed on the chromecast? I connected it back to my tv with router off so it can't update, but I see no info concerning firmware.
Click to expand...
Click to collapse
Use the CCast setup app....
But I suggest you disconnect the Internet from the router before you check...
Asphyx said:
Use the CCast setup app....
But I suggest you disconnect the Internet from the router before you check...
Click to expand...
Click to collapse
I more than suggest. I don't know when it started, but the current Chromecast app will try to force an update before it completes setup.
I still have version 17977
I am not rooted I am hopping this new update allows native screen mirroring.
shamelin73 said:
I still have version 17977
I am not rooted I am hopping this new update allows native screen mirroring.
Click to expand...
Click to collapse
Screen mirroring is already available...A new update isn't going to change anything about that if you can't mirror already the issue is your phone or tablet not the CCast.
SO if you want to root I suggest not taking the Update until you do, You are not going to gain anything just lose the ability to root.
Asphyx said:
Screen mirroring is already available...A new update isn't going to change anything about that if you can't mirror already the issue is your phone or tablet not the CCast.
SO if you want to root I suggest not taking the Update until you do, You are not going to gain anything just lose the ability to root.
Click to expand...
Click to collapse
I am guessing I don't know how to get it to work then. I thought the Moto X was not supported yet till the update but I am guessing it is an update to the phone that I need.
Sent from my XT1053 using Tapatalk
shamelin73 said:
I am guessing I don't know how to get it to work then. I thought the Moto X was not supported yet till the update but I am guessing it is an update to the phone that I need.
Sent from my XT1053 using Tapatalk
Click to expand...
Click to collapse
Yes it is most likely the phone side that is the issue...
The Mirroring works for the devices that support mirroring and it is unlikely to change much in an update.
All the CCast does is receive a stream....the Phone/Tab does the majority of the work by creating the stream and not all units have the ability to do that yet.
Besides...Even if you root the CCast it won't take long for Team Eureka to update the rom to get any goodness the newest update has in it....
So even after you root if there DOES happen to be something that allows your phone to mirror you will get it in Team Eureka Rom soon enough.
If you have a Chromecast "tucked away" waiting to be rooted you might want to turn off WiFi and factory reset it so it has no ability to update when you power it up for rooting later.
Anyone know when the update mentioned in the io will be pushed?
Deeco7 said:
Anyone know when the update mentioned in the io will be pushed?
Click to expand...
Click to collapse
Been pushed already! SO if you haven't rooted yet and your unit has gotten the update your SOL...
It should also be noted, that once you get this update, a factory reset COULD essentially brick the device, or at least give you problems.
Sources:
https://plus.google.com/110558071969009568835/posts/QUjWK6fkHNR
...and
https://plus.google.com/110558071969009568835/posts/cEhdykfYstF
mdamaged said:
It should also be noted, that once you get this update, a factory reset COULD essentially brick the device, or at least give you problems.
Sources:
https://plus.google.com/110558071969009568835/posts/QUjWK6fkHNR
...and
https://plus.google.com/110558071969009568835/posts/cEhdykfYstF
Click to expand...
Click to collapse
Looks like they tried to push out an update to fix the new root exploit too quickly.
where is my backdrop? ;_;

Unable to root tablet running 5.1.2

I have a Fire 5th gen tablet running v5.1.2 and am very much looking to root it with the aim of installing stock Android. Most of the resources I found online suggest the best rooting tool is KingRoot., however after several attempts and reboots it always fails to root the tablet. Although, now that I think about it, I've come across references on this site of people who were only successful on the 4th reboot; don't think I tried that many times in a row.
Unsure if this is useful information but the tablet was bought from UK Amazon store and it states a software version has been downloaded but not yet applied.
What options do I have to root the tablet? If there is a better tool out there for the job, please let me know. Likewise, if all I need to do is downgrade the software, I'll try it. I'll do anything to rid it of Amazon's-branded version of Android.
miguelg_ said:
I have a Fire 5th gen tablet running v5.1.2 and am very much looking to root it with the aim of installing stock Android. Most of the resources I found online suggest the best rooting tool is KingRoot., however after several attempts and reboots it always fails to root the tablet. Although, now that I think about it, I've come across references on this site of people who were only successful on the 4th reboot; don't think I tried that many times in a row.
Unsure if this is useful information but the tablet was bought from UK Amazon store and it states a software version has been downloaded but not yet applied.
What options do I have to root the tablet? If there is a better tool out there for the job, please let me know. Likewise, if all I need to do is downgrade the software, I'll try it. I'll do anything to rid it of Amazon's-branded version of Android.
Click to expand...
Click to collapse
There are two different FireOS versions that report 5.1.2 and only one of them is rootable (542168620). Many user reported that the rooting process works best if the device is not yet registered to Amazon.
fmc000 said:
There are two different FireOS versions that report 5.1.2 and only one of them is rootable (542168620). Many user reported that the rooting process works best if the device is not yet registered to Amazon.
Click to expand...
Click to collapse
Yep. Also be weary of the downloaded update which will likely push your tablet to 5.3.x which is not rootable.
You can rollback FireOS 5.1.2.1 to version 5.1.2 which can be rooted. Everything you need can be found in the forum index.
http://forum.xda-developers.com/amazon-fire/general/index-amazon-fire-2015-t3210485
Davey126 said:
Yep. Also be weary of the downloaded update which will likely push your tablet to 5.3.x which is not rootable.
Click to expand...
Click to collapse
So how would I avoid that? Kingroot insists on internet access, and given that it often requires multiple tries, I am afraid it will give Amazon plenty of time for OTA update.
railshot said:
So how would I avoid that? Kingroot insists on internet access, and given that it often requires multiple tries, I am afraid it will give Amazon plenty of time for OTA update.
Click to expand...
Click to collapse
Partial FireOS downloads are discarded each time the device reboots. Kingroot reboots with sufficient frequency during the rooting process to prevent a full OTA update from being downloaded with a typical 'home' connection (say <50 Mbps). Another option is the desktop/tether version of Kingroot that does not require the device have a network connection. Downside is the desktop UI is in Chinese but is pretty easy to follow.
Thank you. I blocked the amazon update domains on my router (what I could find at least) and managed to root it. Good to know that it was probably not needed
railshot said:
Thank you. I blocked the amazon update domains on my router (what I could find at least) and managed to root it. Good to know that it was probably not needed
Click to expand...
Click to collapse
For the benefit of future readers: blocking domains usually does not work long term to prevent OTA updates as Amazon (or their agents) rotate sources on a regular basis. I suspect this a for load balancing and other housekeeping, not an effort to circumvent user 'blocks'.

Categories

Resources